the problem is that most users never change those settings, and don't realize that it inherently creates a security problem. there are other problem settings, just like when "auto play" was the default for cd's and dvd's. the real problem is a lack of consideration of the security implications when the software is written and default settings are chosen, which also suggest a general lack of consideration of security, meaning there are other problems. the main reason more vulnerabilities haven't been published is again because macs are a smaller market and people spend less time trying to abuse them.
i strongly suspect that os x is at least as vulnerable as a sun sparc station running suns os' or most other small market share machines (and sun os vulnerabilities are found all the time), it just hasn't gotten the attention some others have. at the same time, there have been a number of security problems with bsd, which os x is based on, but most people haven't checked to see if the mac os also has those same holes, but it probably does in most cases, and apple has not released patches for many of those security holes. os x users running default settings, no firewall, and who aren't sophisticated in how they've changed settings and download material are vulnerable, and are living on borrowed time as far as avoiding worms, trojans, and spyware are concerned. ignoring things like meta data is a perfect example of failing to take advantage of a mechanism that is already in place and improves security, and by so doing apple has left open a vulnerability that windows has had for a long, long time. it's just carelessness and apathy about security, about doing the easy to do right things the right way rather than the slightly more lazy way. hell, the mac version of I.E. has many of the same bugs as the pc version, and many mac users blindly use it. the other problem is that many security intrusions go undetected. if someone steals the registration info for an application on your machine you won't know until the registration code is all over the web and the manufacturer blocks free updates of that security number, at best. if it's credit card info you won't know until it's abused, and there is actually a flood of credit card info on the web creating a surplus so many stolen credit card numbers don't get used, if you're lucky. fortunately, people who aren't in a corporate setting usually aren't as damaged by an intrusion, those in an institution can lose proprietary information and may never know it was stolen or just which competitor has their customer list and most recent bid proposals, but they will feel the effects. they just won't know how or why things are happening, which is one of the functions of a good firewall, i.e. to at least let you know when your data has been raped and how badly, and if your' lucky by who. never confuse fashion and luck with security, pc's are the fashionable target, and the mac community has been lucky, very lucky all things considered. i suspect that despite our dislike of public schools almost universally using pc's that this has been a big factor in keeping the mac community relatively free of virii, and this goes for colleges as well where there are still more pc's available than macs even in most schools that do have macs. an ounce of carelessness a pound of headaches. David Ensteness wrote: > > You guys do know that this can be turned off in your web browser right? > It is an option. > > David > > On Apr 12, 2004, at 7:21 PM, Robin Ashe wrote: > > > > >> I hope Apple pays attention, though, and quits automatically > >> unpacking and > >> opening downloaded files by default. Because *that* is already a ------- -- --Funny thing, the "MSN Butterfly" looks awfully fat, too fat for a butterfly, more like a bee. I guess there is truth in advertising after all... -- Unsupported OS X is sponsored by <http://lowendmac.com/> Support Low End Mac <http://lowendmac.com/lists/support.html> Unsupported OS X list info <http://lowendmac.com/lists/unsupported.html> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive <http://www.mail-archive.com/unsupportedosx%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
